[CRIU] [PATCH] parasite: Don't left memfd opened inside dumpee
Cyrill Gorcunov
gorcunov at gmail.com
Wed Jan 20 05:25:43 PST 2016
If for some reason ptrace_poke_area returns an error
we might leave the dumpee with the memfd descriptor open.
Later in the code we remove our injected blob, making the
dumpee look untouched, but the descriptor will hang there.
lsof output from the container:
| systemd-u 48 root 6u REG 0,4 0 53855 /memfd:CRIUMFD (deleted)
Thus let's close it immediately.
https://jira.sw.ru/browse/PSBM-43199
Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
parasite-syscall.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/parasite-syscall.c b/parasite-syscall.c
index d1c1ec9..b0a3d21 100644
--- a/parasite-syscall.c
+++ b/parasite-syscall.c
@@ -1187,7 +1187,7 @@ static int parasite_memfd_exchange(struct parasite_ctl *ctl, unsigned long size)
void *where = (void *)ctl->syscall_ip + BUILTIN_SYSCALL_SIZE;
u8 orig_code[MEMFD_FNAME_SZ] = MEMFD_FNAME;
pid_t pid = ctl->pid.real;
- unsigned long sret;
+ unsigned long sret = -ENOSYS;
int ret, fd, lfd;
BUILD_BUG_ON(sizeof(orig_code) < sizeof(long));
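Review bot: the `-ENOSYS` initializer on `sret` only makes sense together with the later `fd = (int)(long)sret; if (fd >= 0)` test, and that dependency is not stated anywhere; a one-line comment here (e.g. "sentinel: stays negative if syscall_seized never ran memfd_create, so the error path will not try to close a bogus fd") would keep a future reader from "fixing" it back to an uninitialized variable. Also worth noting for the reader that assigning a negative errno to an `unsigned long` relies on the `(long)` cast in the consumer to recover the sign.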
@@ -1201,6 +1201,9 @@ static int parasite_memfd_exchange(struct parasite_ctl *ctl, unsigned long size)
(unsigned long)where, 0, 0, 0, 0, 0);
if (ptrace_poke_area(pid, orig_code, where, sizeof(orig_code))) {
+ fd = (int)(long)sret;
+ if (fd >= 0)
+ syscall_seized(ctl, __NR_close, &sret, fd, 0, 0, 0, 0, 0);
pr_err("Can't restore memfd args (pid: %d)\n", pid);
return -1;
}
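Review bot: the return value of the added `syscall_seized(ctl, __NR_close, ...)` call, and the errno it writes back into `sret`, are both discarded, so if the remote close itself fails the descriptor leaks exactly as before but now silently; since this block is already an error path, check the result and report it before the existing `pr_err`, e.g. `if (syscall_seized(...) || (long)sret < 0) pr_err("Can't close memfd %d (pid: %d)\n", fd, pid);`, so that the leak the commit message describes is at least visible in the log. Also note that `sret` is overwritten by the close, so anyone later adding diagnostics must not expect the memfd_create result to survive past this point.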
--
2.5.0